From b578bf27a4a70eea09bace6f5ce53f58a6fb82da Mon Sep 17 00:00:00 2001
From: rimu <3310831+rimu@users.noreply.github.com>
Date: Sun, 16 Jun 2024 14:03:59 +0800
Subject: [PATCH] only accept image files in certain forms

---
 app/admin/forms.py     |  2 +-
 app/community/forms.py | 10 +++++-----
 app/models.py          |  9 +++++++++
 app/user/forms.py      |  4 ++--
 4 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/app/admin/forms.py b/app/admin/forms.py
index e28188be..b3e9ddeb 100644
--- a/app/admin/forms.py
+++ b/app/admin/forms.py
@@ -15,7 +15,7 @@ class SiteProfileForm(FlaskForm):
     description = StringField(_l('Tagline'))
     icon = FileField(_l('Icon'), validators=[
         FileAllowed(['jpg', 'jpeg', 'png', 'webp'], 'Images only!')
-    ])
+    ], render_kw={'accept': 'image/*'})
     sidebar = TextAreaField(_l('Sidebar'))
     about = TextAreaField(_l('About'))
     announcement = TextAreaField(_l('Announcement at top of home page'))
diff --git a/app/community/forms.py b/app/community/forms.py
index f1bba599..a30b79b4 100644
--- a/app/community/forms.py
+++ b/app/community/forms.py
@@ -19,8 +19,8 @@ class AddCommunityForm(FlaskForm):
     community_name = StringField(_l('Name'), validators=[DataRequired()])
     url = StringField(_l('Url'))
     description = TextAreaField(_l('Description'))
-    icon_file = FileField(_l('Icon image'))
-    banner_file = FileField(_l('Banner image'))
+    icon_file = FileField(_l('Icon image'), render_kw={'accept': 'image/*'})
+    banner_file = FileField(_l('Banner image'), render_kw={'accept': 'image/*'})
     rules = TextAreaField(_l('Rules'))
     nsfw = BooleanField('NSFW')
     local_only = BooleanField('Local only')
@@ -47,8 +47,8 @@ class AddCommunityForm(FlaskForm):
 class EditCommunityForm(FlaskForm):
     title = StringField(_l('Title'), validators=[DataRequired()])
     description = TextAreaField(_l('Description'))
-    icon_file = FileField(_l('Icon image'))
-    banner_file = FileField(_l('Banner image'))
+    icon_file = FileField(_l('Icon image'), render_kw={'accept': 'image/*'})
+    banner_file = FileField(_l('Banner image'), render_kw={'accept': 'image/*'})
     rules = TextAreaField(_l('Rules'))
     nsfw = BooleanField(_l('Porn community'))
     local_only = BooleanField(_l('Only accept posts from current instance'))
@@ -154,7 +154,7 @@ class CreateImageForm(FlaskForm):
     image_title = StringField(_l('Title'), validators=[DataRequired(), Length(min=3, max=255)])
     image_alt_text = StringField(_l('Alt text'), validators=[Optional(), Length(min=3, max=1500)])
     image_body = TextAreaField(_l('Body'), validators=[Optional(), Length(min=3, max=5000)], render_kw={'rows': 5})
-    image_file = FileField(_l('Image'), validators=[DataRequired()])
+    image_file = FileField(_l('Image'), validators=[DataRequired()], render_kw={'accept': 'image/*'})
     tags = StringField(_l('Tags'), validators=[Optional(), Length(min=3, max=5000)])
     sticky = BooleanField(_l('Sticky'))
     nsfw = BooleanField(_l('NSFW'))
diff --git a/app/models.py b/app/models.py
index e4376269..acc0316b 100644
--- a/app/models.py
+++ b/app/models.py
@@ -1489,6 +1489,15 @@ class Site(db.Model):
         return User.query.filter_by(deleted=False, banned=False).join(user_role).filter(user_role.c.role_id == 4).all()
 
 
+#class IngressQueue(db.Model):
+#    id = db.Column(db.Integer, primary_key=True)
+#    waiting_for = db.Column(db.String(255), index=True)         # The AP ID of the object we're waiting to be created before this Activity can be ingested
+#    activity_pub_log_id = db.Column(db.Integer, db.ForeignKey('activity_pub_log.id')) # The original Activity that failed because some target object does not exist
+#    ap_date_published = db.Column(db.DateTime, default=utcnow)  # The value of the datePublished field on the Activity
+#    created_at = db.Column(db.DateTime, default=utcnow)
+#    expires = db.Column(db.DateTime, default=utcnow)            # When to give up waiting and delete this row
+#
+#
 @login.user_loader
 def load_user(id):
     return User.query.get(int(id))
diff --git a/app/user/forms.py b/app/user/forms.py
index 062b0c54..a44f3eb1 100644
--- a/app/user/forms.py
+++ b/app/user/forms.py
@@ -17,8 +17,8 @@ class ProfileForm(FlaskForm):
                                    render_kw={"autocomplete": 'new-password'})
     about = TextAreaField(_l('Bio'), validators=[Optional(), Length(min=3, max=5000)], render_kw={'rows': 5})
     matrixuserid = StringField(_l('Matrix User ID'), validators=[Optional(), Length(max=255)], render_kw={'autocomplete': 'off'})
-    profile_file = FileField(_l('Avatar image'))
-    banner_file = FileField(_l('Top banner image'))
+    profile_file = FileField(_l('Avatar image'), render_kw={'accept': 'image/*'})
+    banner_file = FileField(_l('Top banner image'), render_kw={'accept': 'image/*'})
     bot = BooleanField(_l('This profile is a bot'))
     submit = SubmitField(_l('Save profile'))